Skip to main content

Browse the archive

https://github.com/torvalds/linux
13 July 2024, 08:20:57 UTC
Revision 999653786df6954a31044528ac3f7a5dadca08f4 authored by Ben Hutchings on 22 June 2016, 18:43:35 UTC, committed by J. Bruce Fields on 24 June 2016, 16:11:52 UTC 
nfsd: check permissions when setting ACLs
 
Use set_posix_acl, which includes proper permission checks, instead of
calling ->set_acl directly.  Without this anyone may be able to grant
themselves permissions to a file by setting the ACL.

Lock the inode to make the new checks atomic with respect to set_acl.
(Also, nfsd was the only caller of set_acl not locking the inode, so I
suspect this may fix other races.)

This also simplifies the code, and ensures our ACLs are checked by
posix_acl_valid.

The permission checks and the inode locking were lost with commit
4ac7249e, which changed nfsd to use the set_acl inode operation directly
instead of going through xattr handlers.

Reported-by: David Sinquin <david@sinquin.eu>
[agreunba@redhat.com: use set_posix_acl]
Fixes: 4ac7249e
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
1 parent 485e71e
History
Tip revision: 999653786df6954a31044528ac3f7a5dadca08f4 authored by Ben Hutchings on 22 June 2016, 18:43:35 UTC
nfsd: check permissions when setting ACLs
Tip revision: 9996537
File Mode Size
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.get_maintainer.ignore -rw-r--r-- 31 bytes
.gitignore -rw-r--r-- 1.2 KB
.mailmap -rw-r--r-- 5.8 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 95.5 KB
Kbuild -rw-r--r-- 2.8 KB
Kconfig -rw-r--r-- 252 bytes
MAINTAINERS -rw-r--r-- 352.7 KB
Makefile -rw-r--r-- 56.0 KB
README -rw-r--r-- 18.1 KB
REPORTING-BUGS -rw-r--r-- 7.3 KB

README

back to top